rpm package
opensuse/openssh&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/openssh&distro=openSUSE%20Tumbleweed
Vulnerabilities (32)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-35414 | Med | 4.2 | | < 10.3p1-4.1 | 10.3p1-4.1 | Apr 2, 2026 | OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters. |
| CVE-2026-35388 | Low | 2.5 | | < 10.3p1-6.1 | 10.3p1-6.1 | Apr 2, 2026 | OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions. |
| CVE-2026-35385 | Hig | 7.5 | | < 10.3p1-4.1 | 10.3p1-4.1 | Apr 2, 2026 | In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode). |
| CVE-2026-3497 | Hig | 7.5 | | < 10.3p1-6.1 | 10.3p1-6.1 | Mar 12, 2026 | Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does |
| CVE-2025-32728 | — | | | < 10.0p2-2.1 | 10.0p2-2.1 | Apr 10, 2025 | In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding. |
| CVE-2025-26466 | — | | | < 9.9p2-1.1 | 9.9p2-1.1 | Feb 28, 2025 | A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such pack |
| CVE-2025-26465 | Med | 6.8 | | < 9.9p2-1.1 | 9.9p2-1.1 | Feb 18, 2025 | A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying |
| CVE-2024-39894 | Hig | 7.5 | | < 9.6p1-11.1 | 9.6p1-11.1 | Jul 2, 2024 | OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur. |
| CVE-2024-6387 | Hig | 8.1 | | < 9.6p1-10.1 | 9.6p1-10.1 | Jul 1, 2024 | A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time pe |
| CVE-2023-51385 | Med | 6.5 | | < 9.6p1-11.1 | 9.6p1-11.1 | Dec 18, 2023 | In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in |
| CVE-2023-48795 | Med | 5.9 | | < 9.3p2-5.1 | 9.3p2-5.1 | Dec 18, 2023 | The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end |
| CVE-2023-38408 | — | | | < 9.3p2-1.1 | 9.3p2-1.1 | Jul 20, 2023 | The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this is |
| CVE-2022-2274 | — | | | < 9.3p1-1.1 | 9.3p1-1.1 | Jul 1, 2022 | The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computat |
| CVE-2021-41617 | Hig | 7.0 | | < 9.6p1-3.1 | 9.6p1-3.1 | Sep 26, 2021 | sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges |
| CVE-2021-28041 | — | | | < 9.6p1-3.1 | 9.6p1-3.1 | Mar 5, 2021 | ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host. |
| CVE-2019-6109 | Med | 6.8 | | < 8.4p1-7.4 | 8.4p1-7.4 | Jan 31, 2019 | An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being |
| CVE-2019-6111 | — | | | < 8.4p1-7.4 | 8.4p1-7.4 | Jan 31, 2019 | An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal att |
| CVE-2019-6110 | — | | | < 8.4p1-7.4 | 8.4p1-7.4 | Jan 31, 2019 | In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred. |
| CVE-2018-20685 | — | | | < 8.4p1-7.4 | 8.4p1-7.4 | Jan 10, 2019 | In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. |
| CVE-2016-6210 | Med | 5.9 | | < 7.2p2-3.1 | 7.2p2-3.1 | Feb 13, 2017 | sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large p |
Page 1 of 2